funsec mailing list archives

Zango spyware spreading with Facebook application


From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 4 Jan 2008 03:37:11 +0200 (EET)

The first spyware spreading with a Facebook application has been discovered. Security company Fortinet reports that 
an application called Secret Crush is installing Zango (aka AdWare.Win32.180Solution) with an Iframe.

This is the procedure:
"In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by 
using "Secret Crush"."

The text included in the request entry is "One of Your Friends Might Have a Crush on You!" providing normal 'Find Out Who!' and 
'Ignore' buttons.

Advisory from Fortinet:
"Facebook Widget Installing Spyware"
http://www.fortiguardcenter.com/advisory/FGA-2007-16.html

SecuriTeam Blogs:
"My name is Zango, I am spyware and I found Facebook applications"
http://blogs.securiteam.com/?p=1056

At the time of writing it's not known if AV vendors offering Zango protection have protection for this Static.ZangoCash.com 
download process too.

An interesting reference:
"When is a Facebook Really a MySpace?"
http://www.allfacebook.com/2008/01/when-is-a-facebook-really-a-myspace/

listing a very remarkable installation base :-(

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

